| 4 | | * Algorithm: ed25519 or rsa 4096bits |
| 5 | | * Supply a password for your private key |
| 6 | | * Use a unique private/public key pair per server |
| | 4 | * '''Always''' use a (strong) passphrase on your private keys! |
| | 5 | * Use a unique private/public key pair for each username, host combination. |
| | 6 | * It is more secure to not use a key agent or multiplexing (`ControlMaster`), as any process running on your computer can abuse those mechanisms to perform commands on hosts you were permitted to log in to. |
| | 7 | |
| | 8 | If you fail to follow these rules and guidelines, a compromise of the server's security may actually be ''more likely'' than if we were still using fixed passwords. |
